Security Evaluation

• FAQ when dealing with IT solutions for security applications:
  - How secure is this technology?
  - Why should I trust it?
  - Who assures the level of security offered by this system?

INDEPENDENT SECURITY EVALUATION

How is this being implemented in BIOMETRICS?

Security Perspective

• There are two ways of addressing the security problem:

SECURITY THROUGH TRANSPARENCY

Relies on openness to provide security. Largely used in cryptography.

"The simpler and fewer the things that one needs to keep secret, the easier it is to maintain the security"

Let's face the problems and find solutions for them (controlled risk), before somebody else finds the way to take advantage of our secrets (unpredictable consequences)

Security Evaluation in Biometrics

• Competitions:
• Standards:
  - Common Criteria

Constant need to search for new vulnerabilities

2. Biometrics

Biometric systems

Biometric modalities

BEHAVIOURAL (signature, voice, gait...)

PHYSIOLOGICAL (fingerprints, iris, face, hand geometry...)

• Characteristics:
  - Universality: everybody should possess it
  - Distinctiveness: should have enough intervariability
  - Permanence: should not vary through time
  - Collectability: should be easy to acquire
  - Performance: should have good error rates
  - Acceptability: user should not be reluctant to use it
  - Circumvention: difficult to bypass

Attacks to Biometric Systems

• Possible points of attack to a biometric system.

DIRECT ATTACKS (Spoofing, mimicry)

INDIRECT ATTACKS (Trojan Horse, Hill Climbing, Brute Force, channel interception, replay attacks, masquerade attacks...)

Objective: Inverse Biometrics

Inverse Biometrics:

Can we reconstruct the sample from the template?

Traditional answer -> NO!
However...

[Figure: Genuine Template -> Reconstruction]

Gummy Finger

IS THIS POSSIBLE FOR THE IRIS?

3. Iris Recognition

Iris Recognition

• Very low error rates
• Long-term permanence
• Many commercial solutions
• ...
• Vulnerabilities?

Iris Recognition: How does it work?

Acquisition + Detection

GENUINE SAMPLE

Normalization

Segmentation

TEMPLATE -> IRISCODE

01010101010100010101010101010100010101010101010100010101010101010100
01010101101010111011110101000000110010101010100010010010111101101110

4. The Reconstruction Method

The Problem (I)

How do we know that an iris image is the reconstruction of a given template?

Because it is positively matched to the genuine template by iris recognition systems

• Find an iris image: I_R
  - Any iris image? -> NO!
• Such that:
  - Its associated template B_R
  - When compared to the known template B (the one being reconstructed)
  - Using a matching function J
  - Gives a score higher than a certain threshold δ

The Problem (II)

How do we find such an iris image?

Use a GENETIC ALGORITHM to look for it
(i.e., optimize the score = optimize the fitness function)

• GENETIC ALGORITHMS:
  - Heuristic search tool
  - ITERATIVELY applies certain rules inspired by natural evolution
  - To a population of individuals (possible solutions)
  - According to a given fitness function which has to be optimized

The Solution: General Architecture

Acquisition + Segmentation + Normalization

Reconstruction Method (based on a Genetic Algorithm)

Assumption: we have access to s for several I_R

The Solution: The Algorithm (I)

• STEP 1: Generate initial population P_0 with N individuals (I_R^i)
• STEP 2: Compute the N scores s_i
• STEP 3: Generate the next generation P_n according to four rules:
  - Elite: two individuals
  - Selection: stochastic universal sampling
  - Crossover: scattered crossover
  - Mutation: random changes
• STEP 4: Redefine P_0 = P_n and go back to step 2.

• Stopping Criteria:
  - The best score is higher than δ (RECONSTRUCTION OK!)
  - Score increase in the last generations is very small
  - Maximum number of generations is reached

The Solution: The Algorithm (II)

[Figure: Normalized Iris Image]

5. Experimental Protocol

Development and Validation

• Avoid positively biased results
• Publicly available DBs and systems -> reproducibility

Development: DBs (I)

Development DBs:

Biosecure DB

[Figure: DEVELOPMENT, Biosecure DB; Development System: LogGabor-Based]

Development: DBs (II)

• Typical examples from Biosecure DB and SDB.
• Totally different -> results are not biased.

Development: System

• Development System: academic implementation. Used to compute scores s_i in the reconstruction algorithm
  - Segmentation: iris and pupil boundaries -> circles
  - Normalization: rubber sheet model
  - Feature encoding: based on 1D Log-Gabor filters
  - Matching: hamming distance
  - Available at: http://www.csse.uwa.edu.au/pk/studentprojects/libor/sourcecode.html

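The Hamming-distance matching step listed above, as an added example that is not the development system's code and is not taken from the slides. It generalizes slightly by ignoring bits masked as occluded and by searching over column shifts; the code size, the shift range, the threshold DELTA and the choice of similarity s = 1 - HD (so that "score higher than δ" means accept) are assumptions, and the sample codes are constructed random bits.

```python
import random

ROWS, COLS = 20, 240   # constructed iriscode size (assumption)
DELTA = 0.68           # assumed similarity threshold, not a value from the slides

def shift(rows, s):
    """Circularly shift every row by s columns (compensates eye rotation)."""
    return [r[-s:] + r[:-s] for r in rows] if s else rows

def fractional_hd(code_a, mask_a, code_b, mask_b):
    """Fraction of differing bits among positions both masks mark as valid."""
    valid = diff = 0
    for ra, ma, rb, mb in zip(code_a, mask_a, code_b, mask_b):
        for a, va, b, vb in zip(ra, ma, rb, mb):
            if va and vb:
                valid += 1
                diff += a ^ b
    return diff / valid if valid else 1.0  # nothing comparable: worst case

def match_score(code_a, mask_a, code_b, mask_b, max_shift=8):
    """Similarity s = 1 - minimum Hamming distance over the allowed shifts."""
    return 1.0 - min(
        fractional_hd(shift(code_a, s), shift(mask_a, s), code_b, mask_b)
        for s in range(-max_shift, max_shift + 1))

def accepted(score, delta=DELTA):
    return score > delta

# Constructed sample data: random bits stand in for real iriscodes.
rng = random.Random(7)
def random_code():
    return [[rng.getrandbits(1) for _ in range(COLS)] for _ in range(ROWS)]

enrolled = random_code()
# Mask out a block of bits, as an eyelid occlusion would.
mask = [[0 if r < 4 and 90 <= c < 150 else 1 for c in range(COLS)]
        for r in range(ROWS)]
# Genuine probe: same code rotated by 3 columns with about 10% of bits flipped.
probe = shift([[b ^ (rng.random() < 0.10) for b in row] for row in enrolled], 3)
probe_mask = shift(mask, 3)
impostor = random_code()

def genuine_score():
    return match_score(probe, probe_mask, enrolled, mask)

def impostor_score():
    return match_score(impostor, mask, enrolled, mask)

if __name__ == "__main__":
    for name, s in (("genuine", genuine_score()), ("impostor", impostor_score())):
        print(f"{name}: s={s:.3f} accepted={accepted(s)}")
```
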
Validation: DBs

• Validation DBs:
• Biosecure DB: REAL database attacked.
• Reconstructed Biosecure DB: SYNTHETIC database used to perform the attacks
  - 420 users
  - 5 reconstructions of 1 genuine sample per user
  - Total of 420 x 5 = 2,100 iris reconstructions

Validation: System

• VeriEye: commercial application
  - BlackBox: no info about how it works -> unbiased results
  - It requires as input EYE images (NOT normalized iris images)
  - Available at: http://www.neurotechnology.com/verieye.html

Validation: Attacks

Performance measure: Success Rate (SR) -> SR = A_s / A_T

• A_s = Successful attacks
• A_T = Total attacks

6. Results: Performance

Results: Development (I)

How do we know that an iris image is the reconstruction of a given template?

Because it is positively matched to the genuine template by iris recognition systems (score higher than a certain threshold δ)

Results: Development (II)

[Figure: ORIGINAL and RECONSTRUCTIONS]

Results: Development (III)

• VeriEye (validation system): commercial application
  - It requires as input EYE images (NOT normalized iris images)
• Our EYE images look like...

Results: Validation (I)

• The reconstruction algorithm is validated -> very high performance
• Unrealistically high security scenario -> 75% of breaking the system
• More likely to break the original sample than another real sample from the same user.
• Still, very high probability of breaking other real samples.
• For the most likely attacking scenario -> 92% SR
• More than one reconstruction -> 30% SR increase
• Yet another new vulnerability -> black circle + white background = Eye image

6. Results: Appearance

Results: Appearance (I)

What about humans?

Are they deceived by the reconstructed irises?

Results: Appearance (II)

• 100 irises (50 real / 50 synthetic)
• 25 non-experts / 15 experts
  - Rank: 0 (fully synthetic) - 10 (fully real)
  - 15 minutes max.

[Table: Error Rates and Average Time for Non-Expert Participants (25) and Expert Participants (15); surviving values: 9.0, 7.6, 8.3, 1.9]

• Over 37% of misclassified irises by non-experts -> real-like appearance
• FSR/FRR very close -> not easier to distinguish one class over the other
• Average scoring very close -> idem
• Not so easy with experts, but still possible

Results: Development (III)

• Would you like to try?

6. Conclusions

Conclusions

• Can iris images be reconstructed from the iriscode? -> YES!
• Can these reconstructed images be used to successfully break iris recognition systems? -> YES!
• Is it more dangerous to be able to reconstruct SEVERAL iris images? -> YES!
• Should iris recognition systems check that what is being presented is really an eye image? -> YES!
• Do the reconstructed iris images look real to the average human? -> YES!

• To sum up... do we need to develop specific countermeasures for this new vulnerability? -> YES!
  - Cryptography for the templates.
  - Liveness detection for the systems.